CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2012-0752 – flash-plugin: multiple code execution flaws (APSB12-03)
https://notcve.org/view.php?id=CVE-2012-0752
16 Feb 2012 — Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion." El programa Adobe Flash Player anterior a la versión 10.3.183.15 y versión 11.x anterior a 11.1.102.62 en Windows, Mac OS X, Linux y Solaris; anterior al 11.1.111.6 en Android versión 2.... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 96%CPEs: 10EXPL: 1CVE-2012-0754 – Adobe Flash Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-0754
16 Feb 2012 — Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player antes de v10.3.183.15 y v11.x antes de v11.1.102.62 en Windows, Mac OS X, Linux y Solaris, y antes de v11.1.111.6 en Android v2.x y v3.x, y antes de v11.1.115.6 en Android v4.x permite a lo... • https://www.exploit-db.com/exploits/18572 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 0CVE-2012-0767 – Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2012-0767
16 Feb 2012 — Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Adobe Flash Player antes de v10.3.183.15 y v11.x a... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2011-3874
https://notcve.org/view.php?id=CVE-2011-3874
27 Jan 2012 — Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. Un desbordamiento de búfer basado en pila en libsysutils en Android v2.2.x hasta la v2.2.2 y v2.3.x hasta la v2.3.6 permite ejecutar código de su elección a los usuarios remot... • http://code.google.com/p/android/issues/detail?id=21681 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4276
https://notcve.org/view.php?id=CVE-2011-4276
25 Jan 2012 — The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. El servicio de Bluetooth (com/android/phone/BluetoothHeadsetService.java)en Android v2.3 anterior a v2.3.6 permite a atacantes remotos dentro de la gama Bluetooth para obtener datos de contacto a través de una agenda en la transferencia. • http://code.google.com/p/android/issues/detail?id=21347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
25 Oct 2011 — WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XS... • http://code.google.com/p/chromium/issues/detail?id=96047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-2344
https://notcve.org/view.php?id=CVE-2011-2344
08 Jul 2011 — Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. Android Picasa en Android v3.0 y v2.x hasta v2.3.4 usa sesion HTTP en texto claro cuando se transmite el authToken obtenido de ClientLogin, lo que permite a usuarios remotos ganar privilegios y acceder a imagenes ... • http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2011-1823 – Android OS Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2011-1823
09 Jun 2011 — The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. El demonio de vold volume manager en Android versión 3.0 y versiones 2.x anterior a 2.3.4, confía en los mensajes que son ... • http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 3CVE-2010-4804 – Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4804
09 Jun 2011 — The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. El navegador de Android antes de la v2.3.4 de Android permite a atacantes remotos obtener el contenido de tarjetas SD a través de peticiones content://URIs, en relación con (1) BrowserActivity.java y (2) BrowserSettings.java en com/android/browser. • https://packetstorm.news/files/id/180648 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •